Hi All,
I want to get list of users using the splunk api to get the data from splunk, can you please guide how we can do that.
Try this base query uri_path field contains api, user field having user details. Do you know the api you want to find in then filter them
index=_internal source="/opt/splunk/var/log/splunk/splunkd_access.log" sourcetype=splunkd_access | table _time user uri_path output_mode
--
an upvote would be appreciated if this reply helps!